On Wed, Jan 25, 2023 at 3:38 PM Thomas Ward <[email protected]> wrote: > > Today, this backport request came in for OpenSSL: > > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2003903 > > This request was made so that allowing SSL_OP_LEGACY_SERVER_CONNECT to > actually work would be available in -backports. > > Any time that OpenSSL comes up in my radar for sponsors or backporting > it ends up making me ask the Security team on their opinion because any > patches to OpenSSL from Security won't make it to -backports and because > of ABI/API changes that sneak in with microreleases to core SSL > libraries (openssl, nss, gnutls, ...). > > With this discussion brought up, it was discussed in #ubuntu-devel with > me pinging both Dan Streetman and Mattia Rizzolo in IRC, Mattia chimed > in on the discussion and with our discussion there, myself and Mattia > agreed that, due to security reasons and concerns of ABI breakage in > packages across the board, as well as the fact -backports doesn't get > Security Team coverage there, we were going to add a category of "core > SSL libraries" (with examples) to the Forbidden Packages section in > backport policies. > > Right now this has a +2 on this - myself and Mattia in support of this, > and with this we made the change as that gives a majority decision > currently among the Backporters team. Additionally, Security wanted to > make aware that they wouldn't want to see OpenSSL land in -backports > because of the huge integration that OpenSSL has which could introduce > many breakages in non-backports when a backported OPenSSL or such is > used for libraries. > > I've made this revision in the backports policies because myself and > Mattia had an agreement in IRC on this, we can revert this in a future > discussion if necessary. Per policy, this is the note for the > discussion here on the ML.
+1 from me as well, thanks! > > > Thomas Ward > > Backporters Member > > > -- > ubuntu-backports mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports -- ubuntu-backports mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
